Lucene search

[email protected]CVE-2024-22272

HistoryJun 27, 2024 - 9:15 p.m.

CVE-2024-22272

2024-06-2721:15:13

[email protected]

web.nvd.nist.gov

vmware

cloud director

privilege management

vulnerability

denial of service

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

VMware Cloud Director contains an Improper Privilege Management vulnerability.

An authenticated tenant administrator for a
given organization within VMware Cloud Director may be able to
accidentally disable their organization leading to a Denial of Service
for active sessions within their own organization’s scope.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware Cloud Director",
    "vendor": "N/A",
    "versions": [
      {
        "status": "affected",
        "version": "VMware Cloud Director 10.5.x, VMware Cloud Director 10.4.x"
      }
    ]
  }
]

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24371

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-22272

nvd1 cvelist1